内容简介:Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view
Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.
Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.
Nvidia’s graphics driver (also known as the GPU Display Driver) for Windows is used in devices targeted to enthusiast gamers; it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware.
One of the vulnerabilities, CVE-2020-5962, exists in the Nvidia Control Panel component, which provides control of the graphics driver settings as well as other utilities installed on the system. The flaw could allow an attacker with local system access to corrupt a system file, which may lead to DoS or escalation of privileges, according to Nvidia’s Wednesday security advisory.
Another vulnerability (CVE‑2020‑5963) exists in the CUDA Driver, a computing platform and programming model invented by Nvidia. The issue stems from improper access control in the driver’s Inter Process Communication APIs. It could lead to lead to code execution, DoS or information disclosure.
The display driver also contains four medium-severity flaws, existing in the service host component (CVE‑2020‑5964), the DirectX 11 user mode driver (CVE‑2020‑5965), the the kernel mode layer (CVE‑2020‑5966) and the UVM driver (CVE‑2020‑5967).
Various drivers are affected for Windows and Linux users, including ones that use Nvidia’s GeForce, Quadro and Tesla software. A full list of affected – and updated – versions are below.
Nvidia also stomped out four high-severity flaws in its Virtual GPU (vGPU) manager, its tool that enables multiple virtual machines to have simultaneous, direct access to a single physical GPU, while also using Nvidia graphics drivers deployed on non-virtualized operating systems.
In this case, the software does not restrict (or incorrectly restricts) operations within the boundaries of a resource that could be accessed by using an index or pointer, such as memory or files. That may lead to code execution, DoS, escalation of privileges or information disclosure (CVE‑2020‑5968), warned Nvidia.
Another flaw stems from the vGPU plugin validating shared resources before using them, creating a race condition which may lead to DoS or information disclosure (CVE‑2020‑5969). And in another glitch, input data size is not validated in the vGPU plugin, which may lead to tampering or denial of service (CVE‑2020‑5970).
The final vGPU flaw (CVE‑2020‑5971) stems from the software reading from a buffer by using buffer access mechanisms (such as indexes or pointers) that reference memory locations after the targeted buffer. This could lead to code execution, DoS, escalated privileges, or information disclosure.
It’s only the latest slew of patches that Nvidia has issued. Earlier in March, the company fixed several high-severity vulnerabilities in its graphics driver, which can be exploited by a local attacker to launch DoS or code-execution attacks. Last year, Nvidia issued fixes forhigh-severity flawsin two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patchedanother high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products, if exploited.
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
笨办法学Python 3
[美]泽德 A. 肖 / 王巍巍 / 人民邮电出版社 / 2018-6-1 / CNY 59.00
本书是一本Python入门书,适合对计算机了解不多,没有学过编程,但对编程感兴趣的读者学习使用。这本书以习题的方式引导读者一步一步学习编程,从简单的打印一直讲到完整项目的实现,让初学者从基础的编程技术入手,最终体验到软件开发的基本过程。本书是基于Python 3.6版本编写的。 本书结构非常简单,除“准备工作”之外,还包括52个习题,其中26个覆盖了输入/输出、变量和函数3个主题,另外26个......一起来看看 《笨办法学Python 3》 这本书的介绍吧!